1e6b5d1de8ba51cbf5d94600d07923b165e2e92569d653c56152bbb81f726f39

Resubmissions

01/03/2022, 08:14

01/03/2022, 07:35

Target

sample.exe
Size

141KB
MD5

1c2af6c5e1b8b87189b5da7bd3cefe30
SHA1

6881acb4f1401f0db02bbebe82e2381a0b7c447d
SHA256

cf0705a3e4f3690e28184eb019a4940e7291ce5b3d52747ff80b72e90922a89b
SHA512

1f391111cbeb12f892c272076111a8317b98c9eda4bbf12eefb7a47bcc1a327b43310739a301718b700dc2ce28339b00533f2c9eda1f06ffff21f30d69ce6362

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
764	1476	WerFault.exe	26

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1476	sample.exe
Token: SeDebugPrivilege	764	WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 764	1476	sample.exe	28
PID 1476 wrote to memory of 764	1476	sample.exe	28
PID 1476 wrote to memory of 764	1476	sample.exe	28

memory/764-56-0x000007FEFC401000-0x000007FEFC403000-memory.dmp

Filesize
8KB

Download
memory/764-59-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/1476-54-0x00000000000E0000-0x000000000010A000-memory.dmp

Filesize
168KB

Download
memory/1476-55-0x000007FEF5EC3000-0x000007FEF5EC4000-memory.dmp

Filesize
4KB

Download
memory/1476-58-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/1476-57-0x000000001B050000-0x000000001B052000-memory.dmp

Filesize
8KB

Download